Cybersecurity, Cybercrime, Cyberwar, Cyberespionage...
|
|
- Esmond Gary Heath
- 6 years ago
- Views:
Transcription
1 Cybersecurity, Cybercrime, Cyberwar, Cyberespionage... can How the can Internet the Internet community community make the improve situation security better? Dr. Cristine Hoepers Computer Emergency Response Team Brazil - CERT.br Brazilian Network Information Center - NIC.br Brazilian Internet Steering Committee - CGI.br
2 Internet Security is in the Spotlight Why is this happening? Criminals are just migrating to where the money is Espionage is being done where the information is As our critical infrastructures are increasingly connected to the Internet, this attracts attacks
3 Sadly, security is being used as a scapegoat for control measures surveillance bad legislation
4 But this does not mean there are no security problems...
5 Plenty of attacks today that won t go away easily Against end users (both at home and work) fraud, phishing, spyware, etc botnets used for all ends APTs (Advanced Persistent Threats) Password brute force against network services SSH, FTP, Telnet, VNC, etc DDoS reflective attacks (DRDoS) tend to increase (Ex.: attacks on SpamHaus, that reached 300Gbps)
6 Some other attacks are rapidly increasing Social Networks malware and social engineering hijacked accounts, specially of news agencies Mobile devices in most part are malicious apps but there are already vulnerabilities found and exploited CPEs, wifi routers, etc password brute force already being exploited by botnets (Ex.: Aidra) Against Registries and Registrars like recent domains and cctlds hijacks
7 Part of our problems come from what has been called irresponsibility at scale by some Attacks, like DDoS and Spam, that are possible or amplified by the lack of best practices implementation by the various players Ø From the perspective of the networks that need to implement best practices There is no immediate benefit The effects of the attacks from their perspective are negligible Ø From the perspective of the networks being attacked almost nothing can be done to stop the attack the effects are big and complex to mitigate
8 The adoption of best practices and security layers is being postponed BCP 38 (antispoofing) Botnet remediation (disinfection) End user awareness/education the users should have a chance to understand the risks Other times the sectors are stuck in a chicken and the egg dilemma DNSSEC adoption DMARC (SPF, DKIM)
9 But the collective irresponsibility is not only a network/isp perspective problem Other sectors also need to leave their comfort zone Software development 0-days became the norm in general developers think that security is an add-on to be implemented by someone else... but it needs to be incorporated from design to deployment and maintenance Standards standards are still developed not focusing enough on security issues at the early design phase underestimating the threats is the most usual The model design è deploy è fix later is clearly not working
10 There are many challenges to get major improvements... and all of us in this room have a part to play to start the process
11 Our networks need to be more resilient There needs to be more engagement of the community for: Internet Exchange Points Infrastructure redundancy DNSSEC adoption also to enable new protocols as DANE More security on the routing system RPKI e S-BGP Improvements or alternatives to the current digital certificate system the current trust model is broken
12 We all need to work on the end user protection Systems should be less complex and this requires a technology made for users, not geeks... ISPs and network admins in general need to be more proactive to remediate malware and botnet infected devices we need to have a cleaner and safer environment, examples: RFC 6561: Recommendations for the Remediation of Bots in ISP Networks icode Australia Botfrei.de Germany Irish Anti-Botnet Initiative (Botfree.ie) Ireland Cyber Clean Center (CCC) Japan Cyber Curing System / e-call Center 118 Korea Anti-Botnet Working Group Netherlands Abuse Information Exchange Netherlands Autoreporter Finland U.S. Anti-Bot Code of Conduct (ABCs) for ISPs US Malware Free Switzerland Switzerland Advanced Cyber Defence Centre / Botfree.eu European Union
13 We need to better deal with security incidents Incident Management needs to be more formalized Create CSIRTs/CERTs If not possible, at least abuse teams We need to move to different models to detect infected devices and data exfiltration Flows, honeypots, passive DNS Act on incident notifications Act on data feeds from clearinghouses like Team Cymru or ShadowServer from other CSIRTs
14 Nothing really new in the last few slides, right? So, why don t all networks already implement the best practices out there? real life is more complex no clear understanding of the benefits risks of technical problems perceived costs of implementation consumer protection issues legal and regulatory issues don t underestimate communication problems technical, legal, management and police makers don t speak the same language!
15 Final notes There is no perfect and single solution The sum of all different measures will make the problems more manageable All our words and actions can help avoid that security be misused for political reasons this hinders security, privacy and stability of the Internet We need to think about multistakeholder engagement for security improvement, or in other words all actors need to be willing to understand each others challenges a common vocabulary needs to be developed we must set aside preconceptions
16 Final notes Security is not someone else s problem Everyone has a part to play We need to start acting and implement the well known best practices be more proactive talk to each other move to further cooperation and improved security And finally: this keynote has obviously not covered all security issues or countermeasures
17 Thank you! Dr. Cristine Hoepers CERT.br Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança no Brasil NIC.br Núcleo de Informação e Coordenação do.br CGI.br Comitê Gestor da Internet no Brasil
SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam. Cristine Hoepers General Manager
SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam Cristine Hoepers General Manager cristine@cert.br Klaus Steding-Jessen Technical Manager jessen@cert.br CERT.br
More informationSpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam. Cristine Hoepers General Manager
SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam Cristine Hoepers General Manager cristine@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network
More informationPort 25 Management in Brazil: A Multistakeholder Effort to Reduce Direct Delivery from End User Networks
Port 25 Management in Brazil: A Multistakeholder Effort to Reduce Direct Delivery from End User Networks Henrique Faulhaber, Board Member Brazilian Internet Steering Committee CGI.br Dr. Cristine Hoepers,
More informationENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010
ENISA & Cybersecurity Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010 Agenda Some Definitions Some Statistics ENISA & Cybersecurity Conclusions
More informationCybersecurity and Vulnerability Assessment
Cybersecurity and Vulnerability Assessment Wayne Zeuch Vice Chair: Working Group on Deployment of Technologies and Services ITU /CITEL Regional Cybersecurity Workshop for the Americas Salta, Argentina
More informationCroatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP
Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP Croatian National CERT (HR-CERT) mission: Promoting and preserving information security of public
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationNew Developments in the SpamPots Project
New Developments in the SpamPots Project Klaus Steding-Jessen Cristine Hoepers CERT.br CERT Brazil http://www.cert.br/ NIC.br Brazilian Network Information Center http://www.nic.br/
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationLegal Foundation and Enforcement: Promoting Cybersecurity
Legal Foundation and Enforcement: Promoting Cybersecurity Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection February 19, 2008 Mark L. Krotoski Computer
More informationStakeholders Analysis
Stakeholders Analysis Introduction National Stakeholders ISP citizens CNIIP Media National CIRT Academia ONG, Public And Private Institutions sectoral CSIRTs Law enforcement 2 2 CIRT ISP A specialized
More informationLAC-CSIRTs & FIRST Technical Colloquium Rosario, Argentina September 26, 2018
LAC-CSIRTs & FIRST Technical Colloquium Rosario, Argentina September 26, 2018 From Professionals to Policy Makers: Challenges and Opportunities in Educating about Cybersecurity and Incident Handling Dr.
More informationDNS Abuse Handling. FIRST TC Noumea New Caledonia. Champika Wijayatunga Regional Security, Stability and Resiliency Engagement Manager Asia Pacific
DNS Abuse Handling FIRST TC Noumea New Caledonia Champika Wijayatunga Regional Security, Stability and Resiliency Engagement Manager Asia Pacific 10 September 2018 1 The Domain Name System (DNS) The root
More informationAPNIC Cooperation SIG: Anti-Abuse Community Development
M3AAWG @ APNIC Cooperation SIG: Anti-Abuse Community Development Jesse Sowell, PhD Special Advisor to M3AAWG; Vice-Chair of Growth and Develop Directing Outreach NANOG Program Committee Cybersecurity Fellow
More informationCo-operation against cybercrime CSIRTs LE private sector
Co-operation against cybercrime CSIRTs LE private sector Octopus Interface 2010 Kauto Huopio Sr. Infosec Advisor Finnish Communications Regulatory Authority CERT-FI Finnish national CSIRT authority { National
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More information.rio Registration Policies 2016 Dec 16
.rio Registration Policies 2016 Dec 16 Empresa Municipal de Informática SA [IPLANRIO], the registry for.rio domains, requires all registrants to abide by the policies detailed below or any successor policy
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationBackground. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2
9/30/2009 TRAI 1 Background Threats Present Status Challenges and Strategies 9/30/2009 TRAI 2 Critical infrastructure means the computers, computer systems, and/or networks, whether physical or virtual,
More informationEFFECTIVE DEFENCE In a connected world. Philippe COTELLE, Airbus Defence and Space 2016, Nov 4th
EFFECTIVE DEFENCE In a connected world Philippe COTELLE, Airbus Defence and Space 206, Nov 4th Telecommunications Satellites Cybersecurity Threats Telemetry & Command hijack or jamming Data communication
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationPromoting Global Cybersecurity
Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationThe Challenge of Spam An Internet Society Public Policy Briefing
The Challenge of Spam An Internet Society Public Policy Briefing 30 October 2015 Introduction Spam email, those unsolicited email messages we find cluttering our inboxes, are a challenge for Internet users,
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationCybersecurity in Government
Cybersecurity in Government Executive Development Course: Digital Government Ng Lup Houh, Principal Cybersecurity Specialist Cybersecurity Group 03 April 2018 Agenda Cyber Threats & Vulnerabilities Cyber
More informationDNSSEC: A game changing example of multi-stakeholder cooperation. ICANN Meeting, Singapore 21 June 2011
DNSSEC: A game changing example of multi-stakeholder cooperation ICANN Meeting, Singapore 21 June 2011 richard.lamb@icann.org ICANN ICANN is a global organization that coordinates the Internet s unique
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More information2015 Online Trust Audit & Honor Roll Methodology
2015 Online Trust Audit & Honor Roll Methodology Jeff Wilbur VP Marketing, Iconix Craig Spiezle Executive Director & President, OTA 2015 All rights reserved. Online Trust Alliance (OTA) Slide 1 Who Is
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationComputer Security Trend 2008 from Japan. SQL Injection, DNS cache poisoning, Phishing, Key logger Malware and Targeted Attacks
Computer Security Trend 2008 from Japan SQL Injection, DNS cache poisoning, Phishing, Key logger Malware and Targeted Attacks JPCERT Coordination Center, Japan Manager of Watch and Warning Group Keisuke
More informationVincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC
Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1 2013 2 3 in 4 3 5.900.000.000 $ 4 RSA s Top 10 List 5 RSA s top 10 phishing list Copyright 2014 EMC
More informationElectronic payments in the Netherlands
Electronic payments in the Netherlands The Dutch approach on Cybersecurity Gijs Boudewijn Deputy General Manager Vienna May 19 th 2015 Agenda Facts and figures Fraud developments in the Netherlands - Situation
More informationNetherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice
Netherlands Cyber Security Strategy Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice 1 Netherlands: small country, big time vulnerable #1 80% online banking 95% youth uses
More informationJPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]
JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationEUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity
EUROPEAN COMMISSION JOINT RESEARCH CENTRE Information Note JRC activities in the field of Cybersecurity Date: 28 January, 2016 JRC activities in the field of Cybersecurity 1. Societal and political context
More informationThe challenges of the NIS directive from the viewpoint of the Vienna Hospital Association
The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1 Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the
More informationFINNISH CYBER DEFENSE MODEL GUIDED TOUR
FINNISH CYBER DEFENSE MODEL GUIDED TOUR SPAM Botnets Identity theft Phishing Denial of Service Defacements @codenomicon BACKGROUND Sindri Bjarnason - sindri@codenomicon.com Senior Solution Engineer at
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationThe tale of one thousand and one ADSL modems
The tale of one thousand and one ADSL modems Fabio Assolini, Malware Researcher, twitter.com/assolini Virus Bulletin 2012 Dallas, USA PAGE 2 If we can t attack a computer or a server, we ll attack a router
More informationThe European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3
The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu What is at stake with CIIs The World Economic Forum
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationINTERPOL For official use only. Fighting with friends
Fighting with friends Transnational Cybercrime Volume of crime Restriction in information sharing Emerging technology & ease of criminal use Legislative harmony So, what does do Analysis and on-site assistance
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationCybersecurity & Spam after WSIS: How MAAWG can help
Cybersecurity & Spam after WSIS: How MAAWG can help MAAWG Brussels Meeting 27-29 June 2006 Robert Shaw Deputy Head ITU Strategy and Policy Unit International Telecommunication Union 28 June 2006 1 Setting
More informationGrowing DDoS attacks what have we learned (29. June 2015)
Growing DDoS attacks what have we learned (29. June 2015) Miloš Kukoleča AMRES milos.kukoleca@amres.ac.rs financed by the European Union from the START Danube Region Network protection Strict network policy
More informationWHOIS High-Level Technical Brief
WHOIS High-Level Technical Brief Background When the predecessor to the Internet (the ARPANet) was first being developed, it was quickly determined that there needed to be a contact list of the researchers
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationSecurity Standardization and Regulation An Industry Perspective
Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world
More informationSystemic Analyser in Network Threats
Systemic Analyser in Network Threats www.project-saint.eu @saintprojecteu #saintprojecteu John M.A. Bothos jbothos@iit.demokritos.gr Integrated System Laboratory Institute of Informatics & Telecommunication
More informationTransnational Anti-Abuse Working Group (AAWG) Development
Transnational Anti-Abuse Working Group (AAWG) Development Jesse Sowell, PhD Senior Advisor Vice-Chair of Growth and Develop Directing Outreach Cybersecurity Fellow; Stanford Center for International Security
More informationRPKI and Internet Routing Security ~ The regional ISP operator view ~
RPKI and Internet Routing Security ~ The regional ISP operator view ~ APNIC 29/APRICOT 2010 NEC BIGLOBE, Ltd. (AS2518) Seiichi Kawamura 1 Agenda Routing practices of the regional ISP today How this may
More informationIncident Response Initiatives in Brazil
Incident Response Initiatives in Brazil Klaus Steding-Jessen jessen@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationStandard Categories for Incident Response (definitions) V2.1. Standard Categories for Incident Response Teams. Definitions V2.1.
Standard Categories for Incident Response Teams Definitions V2.1 February 2018 Standard Categories for Incident Response (definitions) V2.1 1 Introduction This document outlines categories that Incident
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSupply Chain Integrity and Security Assurance for ICT. Mats Nilsson
Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationSpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam
SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam Klaus Steding-Jessen jessen@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br Network Information Center
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationValidating the Security of the Borderless Infrastructure
SESSION ID: CDS-R01 Validating the Security of the Borderless Infrastructure David DeSanto Director, Product Management Spirent Communications, Inc. @david_desanto Agenda 2 The Adversary The Adversary
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationG8 Lyon-Roma Group High Tech Crime Subgroup
G8 Lyon-Roma Group High Tech Crime Subgroup In October 2009, a series of recommendations for amendments to ICANN s Registrar Accreditation Agreement (RAA) was proposed to ICANN by law enforcement agencies
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationThe Case for National CSIRTs
The Case for National CSIRTs ENOG 12 Yerevan 3-4 Oct 2016 What is a CERT (CSIRT)? A Computer Security Incident Response Team (CSIRT) is a service organization that is responsible for receiving, reviewing,
More informationANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW
ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW Janis Kestenbaum (Federal Trade Commission) John O Tuel (GlaxoSmithKline) Alfred Saikali (Shook Hardy & Bacon) Christopher
More informationWP2 Metrics of Cyber Security
WP2 Metrics of Cyber Security WP2 Athens March 2018 CYBE Presented by: Jart Armin This work is performed within the SAINT Project (Systemic Analyser in Network Threats), with the support of the European
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationDEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER
DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER D-Zone DNS Firewall 18-10-20171 EXECUTIVE SUMMARY Cyber attacks continue to grow at an alarming rate with ransomware
More informationA Strategy for a secure Information Society Dialogue, Partnership and empowerment
A Strategy for a secure Information Society Dialogue, Partnership and empowerment Gerard.Galler@ec.europa.eu European Commission DG Information Society & Media Unit INFSO/A3: Internet; Network & Information
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationDNS Security. Ch 1: The Importance of DNS Security. Updated
DNS Security Ch 1: The Importance of DNS Security Updated 8-21-17 DNS is Essential Without DNS, no one can use domain names like ccsf.edu Almost every Internet communication begins with a DNS resolution
More informationTechniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems
Techniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems Barry Raveendran Greene, bgreene@senki.org October 22, 2012, Baltimore, Maryland, USA M3AAWG 26th General
More informationCybersecurity for ALL
Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities OAS Hemispheric Workshop on the Development of a National Framework for Cyber Security 16 in Rio de Janeiro, Brazil Souheil Marine Head,
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationUniversal Trusted Service Provider Identity to Reduce Vulnerabilities
1.1 Session 3: Cyber-attacks: Are we ready for the battlefield of the 21st Century? 22 May 2008 Palais des Nations, Geneva Universal Trusted Service Provider Identity to Reduce Vulnerabilities Tony Rutkowski
More information(U) Cyber Threats to the Homeland
UNCLASSIFIED (U) Cyber Threats to the Homeland October 2016 The overall classification of this briefing is: (U) Warning: This product may contain US person information that has been deemed necessary for
More informationMANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY
19 MAY 2016 MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY CHRIS FURLOW PRESIDENT RIDGE GLOBAL cfurlow@ridgeglobal.com www.ridgeglobal.com ABOUT RIDGE GLOBAL Ridge Global is the risk management
More informationThe Impact of Cybersecurity, Data Privacy and Social Media
Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus
More informationMozilla position paper on the legislative proposal for an EU Cybersecurity Act
Mozilla position paper on the legislative proposal for an EU Cybersecurity Act Enhancing cybersecurity through government vulnerability disclosure I. INTRODUCTION This paper provides an overview of Mozilla
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationWORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe
WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS Okechukwu Emmanuel Ibe INTRODUCTION The Intelligence and Security Committee (ISC) is a Unit in the Office of the Chairperson of the
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationCentre for cybersecurity Belgium : Role, Missions et future capacities
Centre for cybersecurity Belgium : Role, Missions et future capacities NLO meeting 30/01/2018 Phédra Clouner Deputy Director CCB 01 CCB mission & services Page 2 Legal Basis R.D. 10/10/2014 Contribute
More informationCONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA
CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA RECENT TRENDS IN CYBER ATTACKS Cyber Security Threats From Requests to Ransom Notes Source: www.ripandscam.com Source https://en.wikipedia.org/wiki/wannacry_ransomware_attack
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationIoT and Smart Infrastructure efforts in ENISA
IoT and Smart Infrastructure efforts in ENISA Dr. Dan Tofan IoT workshop BEREC 01.02.2017, Brussels European Union Agency for Network and Information Security Everything becomes connected Manufacturers
More informationAPTLD & MYNIC JOINT SURVEY
INTERNET SECURITY & CCTLDS SURVEY RESULTS 24 th June 2008, Tuesday ccnso meeting, Paris, France Survey Objectives Survey Summary:- For APTLD members to examine the roles and responsibilities of cctlds
More information